diff options
author | Pascal Quantin <pascal.quantin@gmail.com> | 2015-05-08 21:14:10 +0200 |
---|---|---|
committer | Pascal Quantin <pascal.quantin@gmail.com> | 2015-05-08 19:21:54 +0000 |
commit | db3412051ff3e20526f2f4bbf11271da4d70ef56 (patch) | |
tree | 218940de85477a87b9da0f2f84fced5108850215 /epan/crypt | |
parent | dce4cc675db8f81096095c48a41ae9c628b72c2f (diff) | |
download | wireshark-db3412051ff3e20526f2f4bbf11271da4d70ef56.tar.gz |
airpdcap: ensure that buffer put on stack is big enough to hold the result of AirPDcapRsnaPwd2PskStep()
g1439eb6 changed AIRPDCAP_WPA_PSK_LEN from 64 bytes to 32 bytes, leading to a stack corruption in AirPDcapRsnaPwd2Psk() function
Change-Id: Ibf51f6749715055cd84906a144214ed44c85256b
Reviewed-on: https://code.wireshark.org/review/8358
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Diffstat (limited to 'epan/crypt')
-rw-r--r-- | epan/crypt/airpdcap.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/epan/crypt/airpdcap.c b/epan/crypt/airpdcap.c index 5b955fedea..973c0e1acb 100644 --- a/epan/crypt/airpdcap.c +++ b/epan/crypt/airpdcap.c @@ -1735,10 +1735,10 @@ AirPDcapRsnaPwd2Psk( const size_t ssidLength, UCHAR *output) { - UCHAR m_output[AIRPDCAP_WPA_PSK_LEN]; + UCHAR m_output[2*AIRPDCAP_SHA_DIGEST_LEN]; GByteArray *pp_ba = g_byte_array_new(); - memset(m_output, 0, AIRPDCAP_WPA_PSK_LEN); + memset(m_output, 0, 2*AIRPDCAP_SHA_DIGEST_LEN); if (!uri_str_to_bytes(passphrase, pp_ba)) { g_byte_array_free(pp_ba, TRUE); |